The Apache Software FoundationBlogging in Action.

The Apache Software Foundation Blog

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2019. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

BackgroundThe security committee of The Apache Software Foundation (ASF) oversee and co-ordinate the handling of vulnerabilities across all of the 300+ Apache projects. Established in 2002 and comprising of all volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.

Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or project management committees (PMC) to handle. The security committee see all the issues reported across all the addresses and keep track of the issues throughout the vulnerability lifecycle.

The security committee is responsible for ensuring that issues are dealt with properly and will actively remind projects of their outstanding issues and responsibilities. As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache Software License, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.

The oversight into all security reports, along with tools we have developed, gives us the ability to easily create statistics on the issues.

Statistics for 2019In 2019 our security addresses received in total over 18,000 emails. After spam filtering and thread grouping this comes to 620 non-spam threads. Unfortunately many security reports do look like spam and so the security team are careful to review all messages to ensure real reports are not missed for long.

Diagram 1 gives the breakdown of those 620 threads. 138 threads (22%) were people confused by the Apache License. As many projects use the Apache License, not just those under the ASF umbrella, users can get confused when they see the Apache License and they don't understand what it is. This is most common for example on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License.

The next 162 of the 620 (26%) are email threads that are not spam but are also not reports of new vulnerabilities. These are generally people asking support-type questions or how old vulnerabilities were dealt with.

That left 320 reports of new vulnerabilities in 2019, which spanned across 84 of the top level projects. These 320 reports are a mix of both external reporters and internal; for example where a project has found an issue themselves and followed the ASF process to assign it a CVE name and address it. Note that we don’t track the reporter affiliation, and ASF reporters often use non-ASF email addresses for reporting, so we can’t give a break down of internal vs external reports .

The next step is that the appropriate project triages the report to see if it's really an issue or not. At this stage invalid reports, or things that are not actually vulnerabilities at all, get rejected back to the reporter. Of the remaining issues that are accepted they are are assigned appropriate CVE names and eventually fixes are released.

As of January 1st 2020, 19 of those 320 reports were still under triage (i.e. the project had not yet determined if the report is accepted or rejected). The process of triage and investigation varies in time depending on the project, availability of resources, and number of issues to be assessed. As a general guideline we try to ensure projects have triaged issues within 90 days of the report. The timeline for the fixing of issues depends on the schedules of the projects themselves and issues of lower severity are most often held to future pre-planned releases.

The remaining closed 301 reports led to us assigning 122 CVE names. Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names. The Apache Security committee handle CVE name allocation and are a Mitre Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts Mitre directly or goes public with an issue before contacting us.

Noteworthy eventsDuring 2019 there were a few events worth discussion; either because they were severe and high risk, they had readily available exploits, or otherwise due to media attention. These included:

January 2019: Securonix published a report outlining an increase of attacks of Apache Hadoop instances that have not been configured with authentication. Public exploits and a Metasploit module exist to perform remote code execution on unprotected Hadoop YARN systems.

April 2019: A flaw in Apache HTTP Server 2.4 (CVE-2019-0211). A user who has access to write scripts on a web server could elevate those privileges to root. A public exploit is available for this issue.

June 2019: Jonathan Leitschuh contacted us after finding a number of Java build dependencies were being downloaded over insecure paths (i.e. HTTP rather than HTTPS). We did not classify these as security vulnerabilities in themselves as exploiting them would require MITM attacks at build time. We worked with ASF projects including those identified by the reporter to ensure that we use secure URLs. Now, in 2020, a number of repositories are requiring secure URLs.

August 2019: The Black Duck Synopsys team reviewed older Struts releases and advisories and found some discrepancies in the reported affected versions. The Struts team worked through their findings and issued corrections where needed. This can be important if users are running older versions that they don't think are affected by an issue based on the advisories, but they actually are. However, those same users are likely vulnerable to the other issues that have since been fixed and so we'd always recommend users upgrade to the latest version of Struts to ensure they have a version that contains fixes for all the published security issues.

August 2019: Netflix found a number of denial of service vulnerabilities affecting various HTTP/2 implementations. ASF projects containing HTTP/2 implementations were investigated and analysed the issues reported. Both Apache HTTP Server and Apache TrafficServer releasedupdates to address denial of service issues that affected them. Apache Tomcat also made performance improvements to HTTP/2 handling but the issues were not classed as denial of service.

September 2019: A RiskSense report highlighted vulnerabilities known to be used by Ransomware which included four in ASF projects. The four vulnerabilities were all fixed in earlier years and all had updates and mitigations available before any ransomware took advantage of them. Users should always ensure they pay attention to security updates in any ASF projects they use and prioritise updating for any remote or critical vulnerabilities. The four vulnerabilities were:

-- CVE-2016-3088 in Apache ActiveMQ. Targeted by XBash, this issue was trivial to exploit. It was fixed in Active MQ 5.14.0 and mitigation was also available.

-- CVE-2017-12615 in Apache Tomcat. It is surprising to see this issue on the list as it affects a non-default and quite unlikely flaw. However, it's an issue that is probed by Lucky (a variant of "Satan"), so if there is a server configured in this way it will get exposed. This issue only affected Windows platforms on non-default config, it was fixed in Tomcat 7.0.81, and mitigation is also available. Note that Lucky will also do brute force attacks targeting weak passwords on accessible Tomcat Web Admin consoles.

-- CVE-2017-5638 in Apache Struts. This issue is known to be exploited in the wild, however the first exploitation was discovered after the advisory and fix was published. Used by Lucky (a variant of Satan). It was fixed in Struts 2.3.32 and 2.5.10.1, and a mitigation is also available.

-- CVE-2018-11776 in Apache Struts. This issue is also used by Lucky. It was fixed in Struts 2.3.35, 2.5.17, a possible mitigation is available but upgrading is advised.

Dec 2019: A flaw in Apache Olingo allowing XML External Entity (XXE) attacks (CVE-2019-17554). This issue could be used, for example, to retrieve arbitrary files from a server. A public exploit example exists for this issue.

A number of flaws in Apache Solr through the year that could allow remote code execution. Public exploits exist for some of the issues as well as a Metasploit module.

The European Commission EU-FOSSA 2 project sponsored bug bounty programs for users finding security issues in both Apache Kafka and Apache Tomcat. No issues were fixed in Apache Kafka. Two issues were fixed in Apache Tomcat: CVE-2019-0232 (Important severity, affecting Windows platforms, public exploits including a Metasploit module are available) and CVE-2019-0221 (Low severity). As well as running the bug bounties, EU-FOSSA 2 also sponsored a successful hackathon in June 2019.

Conclusion

Apache Software Foundation projects are highly diverse and independent. They have different languages, communities, management, and security models. However one of the things every project has in common is a consistent process for how reported security issues are handled.

The ASF Security Committee work closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly. This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted.

This report gave metrics for calendar year 2019 showing from the 18,000 emails received we triaged over 300 vulnerability reports leading to fixing just over 100 (CVE) issues. If you have vulnerability information you would like to share with or comments on this report please contact us.

The Apache Software Foundation Operations Summary: August - October 2019

FOUNDATION OPERATIONS SUMMARY

Second Quarter, Fiscal Year 2020 (August - October 2019)

"...a preeminent organization in the world of open source software... The ASF has always distinguished itself by maintaining a consistent mode of project governance and evolution, known as "The Apache Way"."—Brian Proffitt, Senior Principal Community Architect, Red Hat Open Source Program Office (ASF Silver Sponsor)

> Conferences and Events: During this period we held two major Apache events.

> Community Development: During this quarter a key theme was event participation.

In August our main focus was dealing with the requests for ordering project stickers for ApacheCon. For this special anniversary event we wanted to ensure that any many projects as possible would have stickers available on the ASF booth.

The main focus in September was to help provide support for Apachecon NA in Las Vegas. As usual we co-ordinated the Apache booth which was staffed by our community volunteers from various projects. They had the chance to speak to attendees, promote their project and hand out a range of giveaways. The ASF booth was also the central place where the Apache feather was on display for all attendees to sign.

In October the feather was also taken to Berlin for ApacheCon EU and attendees were also invited to sign the feather. Once again we had a central and dynamic booth which became a meeting hub for attendees.

As part of bringing the Apache Way to new audiences, an Apache Day event was held in Indore, India during September. The aim was to give people an overview of the ASF, the Apache Way and also give some practical help in becoming a contributor.

Also this quarter we participated at CCOSS 19 in Guadalajara, Mexico. There was an Apache track with talks ranging from Getting Started to Governance and Open Source Licences. This was a great opportunity to connect with potential new contributors to open source.

We are still receiving requests to participate at events so need to put a plan in place for 2020.

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

> Brand Management: Operations — The work of the Brand Management team falls broadly into one of three categories:

trademark transfers and registrations

granting permission to use our marks

addressing potential infringements of our marks

The volume of work this quarter has been roughly double that of the previous quarter. The increase has been mostly in the areas of requests to use our marks and queries regarding potential infringements. The increase in volme has been manageable, largely due to the tracking system we have put in place.

This quarter has seen requests to use Apache marks for user groups, events, merchandise, publications and training courses with nearly all requests being granted, subject to our Trademark Usage Policy. There have been a few cases this quarter of requests being made for marks that the ASF does not own which we have redirected to the correct owners.

Registrations — A number of registrations came up for renewal this quarter. We review each renewal as it comes up and, as a result, opted not to renew some of those registrations. The remaining renewals are in now progress.

Some registrations, particularly those outside the US, tend to be more complex. This quarter some of our registrations in China have continued to require additional work to help them progress.

Infringements — Potential infringements are brought to our attention from both internal and external sources. The majority of infringements we see are accidental and our project communities are able to resolve these quickly and informally with occasional input from the Brand Management team. A small number of issues take longer to resolve. We made progress on some of these this quarter and hope that that progress will continue next quarter.

We received multiple reports of a significant infringement this quarter and are in contact with the company concerned to remedy the situation. We hope to have this resolved in the next quarter.

> Infrastructure: The datacenter fast-exit mentioned last quarter was completed, as an all-hands shift. That went very well, and our services have been relocated. That sudden move really helped us to double-check our configuration management (Puppet-based) and to reallocate services to better-cost providers, to stretch our Infrastructure dollar.

For a short while in August, we experienced some email issues that created a perfect storm with one of our primary providers. That has been resolved, with a new mail queue monitoring system and alerting, helping to improve our ongoing level of uptime and service.

September was our 20th Anniversary ApacheCon North America, held in Las Vegas, Nevada. The entire team traveled to Vegas to meet with each other and with the community. It was a great opportunity to put faces to new names, to see some old faces, and to get a bit of work and team bonding accomplished.

We also launched our new ".asf.yaml" service for out projects to self-service many aspects of their GitHub presence, and workflow for publishing project websites. More features for the projects, and less tickets for the team. This has been working well, and we continue to improve upon its capabilities. One of the Apache community members provided several features through some Pull Requests -- it is always great to see someone in the community helping out the thousands of others who form Apache.

One of our final initiatives in the quarter, was a revamp of how we map projects' Apache Subversion repositories over to GitHub. We upgraded the server, improved the mapping system, and pruned out numerous unused projects (eg. they had switched to git). We also improved the resiliency of our GitHub-based webhooks by using message queues for repeatability, and to hold messages while we upgrade the primary server. We've seen improvements in stability and ordering, already.

> Financial Statement:

> Fundraising: Fundraising work continues smoothly with very few non-BAU/business-as-usual details to share. "No news is good news", as they say!

We are pleased to report that the online form and digital agreement signature procedures announced last quarter are working well and keeping busywork to a minimum.

We once again thank all of our wonderful ApacheCon sponsors that showed up in force at ApacheCon NA and ApacheCon EU and were glad to enjoy some in-person time with both Event and Foundation sponsors.

A targeted sponsorship for D&I was received and processed per our BAU procedure. This was the first exercise of the procedure and worked well. We also continued conversations with a targeted sponsor for a project as well as explored the possibility of a crypto token donation.

This week, we are excited to launch the 2020 ASF Community Survey, with which we will gather scientific data that allows us to understand our community better, both in its demographic composition, and also in collaboration styles and preferences. We want to find areas where we can continue to do great work and others where we need to provide more support so that our projects can keep growing healthy and diverse. This joint effort was long overdue: our last survey of this kind was implemented in 2016 [1], which means that all the information we currently have about our communities is outdated.

For this new version of the survey, we have hired Bitergia to design it, a company expert in analysing open source communities and other types of software development teams. They have experience in this type of surveys and research in open source communities. Among other studies, their previous work includes an analysis in gender diversity in technical contributions for OpenStack [2]. The 2020 ASF Community Survey is the first part of a two-stage research. The second part consists of interviews with people who have contributed to the ASF, in order to assess their experience. We'll share more on this second part of the project soon.

This survey and research are part of the ASF efforts to build a more equitable, inclusive and diverse community. They are run by the Vice Presidency of Diversity and Inclusion, a team formed last May. We'll share a broader update about this group in January.

If you have an apache.org email address you will receive an email by Thursday, Dec 5 at 3PM PST, with a link to the survey. Please take 15 minutes to complete it. If you didn't receive the email or you do not have an apache.org email address, please use this link to complete the survey:

We are looking to hear from everyone in our community: from users and contributors, to committers and PMCs. Everyone's voice matters.

Find more information about the 2020 ASF Community Survey on its page on Confluence [3], including the privacy policy governing this initiative. If you are part of our community, either as a user, contributor, or both, your participation is paramount to the success of this project! Please consider filling out the survey, and share this blog on social media, send it to your fellow Apache contributors. As individuals form the Apache community, your opinion matters: we need to hear your voice.

Wakefield, MA, and DevOps World/Jenkins World Lisbon, Portugal —4 December 2019— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today that CloudBees has become an ASF Targeted Sponsor at the Platinum level.

"We are pleased to welcome CloudBees as a Targeted Platinum Sponsor," said ASF Vice President Fundraising Daniel Ruggeri. "ASF Sponsors help offset our day-to-day operating expenses, from Accounting to Infrastructure to Legal to Marketing and more. Targeted Sponsorship provides contributions aimed at activities and programs that support specific ASF operations as well as designated Apache projects and their communities. Among the many benefits towards Apache Infrastructure, Targeted donations include development/collaboration tools, co-location space, cloud services, monitoring systems and more. We are excited to add continuous delivery software services to the list, courtesy of CloudBees."

"CloudBees is a strong advocate of Open Source. As major contributors to many Open Source projects, including Jenkins and Jenkins X, we see the value organizations derive from using Open Source every day," said Sacha Labourey, CEO and co-founder, CloudBees. "Our contribution to The Apache Software Foundation will enable it to continue its mission to develop Open Source projects and support the use of Open Source all over the world. We are proud to be a targeted sponsor."

The ASF Infrastructure Team keeps the Foundation's global services running 24x7x365 at near 100% uptime at less than US$5,000 per project. Performance statistics that reflect 7M+ weekly checks and project mail volume across 2,059 lists are available at http://status.apache.org/

"Every day, billions of users of Apache projects benefit from the many services provided by ASF Infrastructure," added Ruggeri. "Our sponsors' generosity helps bolster the support provided to more than 350 Apache projects and their communities. We look forward to expanding the Targeted Sponsorship program to meet the growing demand for Apache projects that build upon our mission of providing software for the public good."

CloudBees is powering the continuous economy by offering the world’s first end-to-end continuous software delivery management system (SDM). For millions of developers and product teams driving innovation for businesses large or small, SDM builds on continuous integration (CI) and continuous delivery (CD) to enable all functions and teams within and around the software delivery organization to best work together to amplify value creation. CloudBees is the CI, CD and application release orchestration (ARO) powerhouse, built on the commercial success of its products as well as its open source leadership. CloudBees is the largest contributor to Jenkins and Jenkins X, and a founding member of the Continuous Delivery Foundation (CDF). From startups with full-stack developers practicing NoOps to large Fortune 100 companies, CloudBees enables all software-driven organizations to intelligently deploy the right capabilities at the right time.

Over 3,500 of the world's best-known brands and over 50% of the Fortune 500 depend on CloudBees because of its ability to work across any cloud, in any development environment and to balance corporate governance and control with developer flexibility and freedom. CloudBees is home to the world’s leading DevOps experts, helping thousands of companies harness the power of "continuous everything" and putting them on the fastest path from great idea, to great software, to great business value.

Backed by Matrix Partners, Lightspeed Venture Partners, Verizon Ventures, Delta-v Capital, Golub Capital and Unusual Ventures, CloudBees was founded in 2010 by former JBoss CTO Sacha Labourey and an elite team of continuous integration, continuous delivery and DevOps professionals. Follow CloudBees on Twitter, Facebook and LinkedIn.

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server —the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 760 individual Members and 7,400 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Anonymous, ARM, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, Oath, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, and Union Investment. For more information, visit http://www.apache.org/ and https://twitter.com/TheASF

As the US Thanksgiving holidays are upon us, our end-of-year Individual Giving and Corporate Gifts campaigns have begun. Your support of The Apache Software Foundation helps ensure 350+ Apache projects and initiatives remain accessible to all, absolutely free of charge.

Support from donors enables the all-volunteer, vendor-neutral ASF ensure its community-driven projects are freely available to billions of users, to steward, develop, and advance the next generation of Open Source innovations "The Apache Way", and nuture diverse communities around the globe.

This Tuesday, 3 December, is Giving Tuesday —the global fundraising movement that launched the second largest giving day of the year. When you donate to the ASF on Giving Tuesday itself, you can be a part of something even bigger: in 2018 more than $400M was raised for hundreds of organizations worldwide.

Whether you donate on Giving Tuesday or as part of your year-end contributions, giving to the ASF is easy:

Individual Donations

One-Time or Monthly Recurring Donations: visit https://donate.apache.org/ to make a donation using a debit or credit card, ACH electronic transfer, or PayPal. You'll receive a receipt for your tax-deductible* contribution via email.

Purchasing Programs: those of you who shop from Amazon can start your retail journey at https://smile.amazon.com/ so a portion of your qualifying purchases will be donated to the ASF.

Corporate Giving Programs: your gift to the ASF as part of an annual corporate giving program helps bolster the ASF’s mission. Companies such as Bloomberg Philanthropies, IBM, Microsoft, and many others' matching gift programs offer tax benefits, and provide their employees the ability to boost their support of a diverse set of nonprofit organizations. Contact us at fundraising(at)apache(dot)org to get started.

Corporate Matching Gifts: if you have a matching gift program, your contribution to the ASF can be generously increased. Matching gift programs augment corporate contributions and help further support the ASF. Contact us at fundraising(at)apache(dot)org for more information.

Third-Party Fundraising Platforms: the ASF is an official charity in the Benevity Causes Portal as part of numerous corporate giving initiatives, such as the Microsoft Tech Talent for Good volunteer program, among others. For more information, visit https://www.benevity.com/

The Apache Software Foundation is an all-volunteer community. The ASF does not pay for code development or contributions by its Board of Directors, Executive Officers, 765 Individual ASF Members, 205 Apache Project Management Committees, 7,500+ Committers, and countless contributors.

* For those based in the US, donations are 100% tax deductible to the full extent of the law. As regulation varies, we encourage you to consult a qualified advisor experienced with your local tax law pertaining to donations.

The ASF is a US 501(c)(3) not-for-profit charitable organization, whose tax identification number is 47-0825376. More information about non-profits and related issues can be found at the Internet Nonprofit Center.

The Apache Software Foundation Objects to the For-Profit Sale of the .org Registry

Non-profit organizations like The Apache Software Foundation serve the public good in many ways. It is critical to our mission and to the mission of many other non-profits, that we be able to reliably disseminate information via the Internet. This principle of enabling the open exchange of information to and among those we serve lies at the heart of what we do at The Apache Software Foundation. Indeed it lies at the heart of a free society.

It is for that reason that we object to the sale of the .org registry to a for-profit company. A private, for-profit registry is unlikely to protect the interests of non-profit foundations and organizations on the Internet the way a non-profit can.

We call on ICANN to stop the sale of the Public Interest Registry to Ethos Capital, and ensure that the .org registry remains in the hands of a body capable of governing neutrally and with sensitivity to the issues that are unique to the non-profit business sector.

"We are excited to support The Apache Software Foundation, championing an organization that is delivering software for public good. Apache's software is core to much of the Internet and is used by many of our customers and community."—Zaheda Bhorat, Head of Open Source Strategy, Amazon Web Services (ASF Platinum Sponsor and Targeted Silver Sponsor)

> Conferences and Events: During Q1, we did not hold any official Apache events.

We were actively planning for the following upcoming events: ApacheCon North America in September, and ApacheCon Europe in October.

Upcoming events are always listed at events.apache.org and sponsorship opportunities are available for all upcoming events. Contact planners@apachecon.com with any questions.

> Community Development: Throughout this quarter a lot of work has been done in helping support the preparations for ApacheCon NA and EU. With a 3 day Community track planned for ApacheCon NA and a 2 day Community track planned for ApacheCon EU, we helped co-ordinate and manage the CFP submissions to select the content for the tracks.

In early 2018, we setup a Redbubble store as an easy way for any of our ASF projects to order their own branded items such as t-shirts and mugs etc. In preparation for ApacheCon, many of our projects have asked for their logos to be added to the store so they can purchase a range of merchandise and promote their projects visually.

As a regular GSoC mentor organisation, we have been invited to participate at the Mentor Summit in Germany. Two of our existing GSoC mentors have been chosen to attend.

Following on from the discussions last quarter on ways to drive better diversity and inclusion, a separate mailing list has been established that will focus on discussing, defining and co-ordinating strategies to improve diversity and inclusion across the foundation.

We are continuing to investigate opportunities for smaller Apache Roadshows in 2020 including the possibility of one in India. We have also been invited to participate with an Apache track in CCOSS 2019 in Mexico.

Mailing list traffic has decreased this quarter probably due to the holiday season.

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

> Brand Management: Operations — The work of the Brand Management team falls broadly into one of three categories:

trademark transfers and registrations

granting permission to use our marks

addressing potential infringements of our marks

The volume of work has remained steady this quarter. Registrations and transfers are lengthy processes but the tracking system we have put in place remains up to the task.

This quarter has seen the usual collection of requests to use Apache marks for user groups, events, merchandise and publications with nearly all requests being granted, subject to our Trademark Usage Policy. Use of our marks for events is now dependent on the event having an acceptable anti-harassment policy.

Registrations — A number of registrations came up for renewal this quarter. We review each renewal as it comes up and, as a result, opted not to some of those registrations. The remaining renewals are in now progress. Some registrations, particularly those outside the US, tend to be more complex. This quarter some of our registrations in China have required additional work to help them progress.

Infringements — Potential infringements are brought to our attention from both internal and external sources. The majority of infringements we see are accidental and our project communities are able to resolve these quickly and informally with occasional input from the Brand Management team. A small number of issues take longer to resolve. We made progress on some of these this quarter and hope that that progress will continue next quarter.

It was pleasing to see a number of PMCs successfully address potential infringements independently this quarter. As the ASF continues to grow, having PMCs that can operate more independently in this area helps the overall Brand Management capability scale to match the ASF's growth.

> Infrastructure: Infrastructure has had an interesting quarter, combining a regular workload of upgrades, ticket handling, and project support, then needing to change gears for July to perform a full datacenter move to lower our costs.

We spent a significant amount of time upgrading and improving our systems. The backup system was simplified in FY19Q3, and we took another pass at it this quarter to expand storage space and improve the tooling via the open source backuppc system. Numerous upgrades of services, such as Jira and Jenkins, were performed to keep us secure and up to date.

One of the newer services we are testing is the use of a "Content Delivery Network" (CDN) for our projects' websites. A few projects are participating in a trial, and we will roll out wider usage later this year, after successful trials.

Lastly, we have started a concerted effort to expand and diversify our CI/CD capacity. The continued growth of projects at the Foundation, and modern development trends towards CI/CD, have combined to create an ever-increasing demand for resources. We are increasing our system capacity, tracking projects' usage, and looking towards new types of systems and providers.

> Financial Statement:

> Fundraising: Fundraising continues to carry on smoothly. New sponsors are successfully onboarding and renewals are occurring without incident. In this quarter, we renewed and onboarded several sponsors smoothly. We also spent the quarter continuing our work on consolidating existing sponsorship agreements into our formalized foundation offerings. This helps to limit one-off processing and to keep operations as efficient as possible.

We formalized a number of our event sponsorship/support activities into ongoing processes that are safe, repeatable, and comply with industry best-practices as we continue support of ApacheCon and our Roadshows.

Another significant step for Fundraising this quarter was the introduction of form-based onboarding which helps keep data clean and helps enable further automation for the road ahead!

We are delighted to report more than $10,000 in individual giving was donated to The ASF in addition to our foundation sponsors. Thank you, deeply, for your support!

Open Source machine learning library in use at Citigroup, NetEase, and Singapore General Hospital, among others.

Wakefield, MA —4 November 2019— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® SINGA™ as a Top-Level Project (TLP).

Apache SINGA is an Open Source distributed, scalable machine learning library. The project was originally developed in 2014 at the National University of Singapore, and was submitted to the Apache Incubator in March 2015.

"We are excited that SINGA has graduated from the Apache Incubator," said Wei Wang, Vice President of Apache SINGA and Assistant Professor at the National University of Singapore. "The SINGA project started at the National University of Singapore, in collaboration with Zhejiang University, focusing on scalable distributed deep learning. In addition to scalability, during the incubation process, built multiple versions to improve the project’s usability and efficiency. Incubating SINGA at the ASF brought opportunities to collaborate, grew our community, standardize the development process, and more."

Apache SINGA is a distributed machine learning library that facilitates the training of large-scale machine learning (especially deep learning) models over a cluster of machines. Various optimizations on efficiency, memory, communication and synchronization are implemented to speed it up and scale it out. Currently, the Apache SINGA project is working on SINGA-lite for deep learning on edge devices with 5G, and SINGA-easy for making AI usable by domain experts (without deep AI background).

Apache SINGA is in use at organizations such as Carnegie Technologies, CBRE, Citigroup, JurongHealth Hospital, National University of Singapore, National University Hospital, NetEase, Noblis, Shentilium Technologies, Singapore General Hospital, Tan Tock Seng Hospital, YZBigData, and others. Apache SINGA is used across applications in banking, education, finance, healthcare, real estate, software development, and other categories.

"So glad to see the first Apache project focusing on distributed deep learning become a Top-Level Project," said Beng Chin Ooi, Distinguished Professor of National University of Singapore who initialized the SINGA project, and a member of the Apache SINGA Project Management Committee. "It is essential to scale deep learning via distributed computing as the deep learning models are typically large and trained over big datasets, which may take hundreds of days using a single GPU."

"I am glad to witness the graduation of Apache SINGA as a TLP," said Gang Chen, Professor and Dean of Zhejiang University and Dean of ZJU-NetEase research lab. "We will continue to contribute to the development and use it for industry applications such as smart fabric printing, e-commerce recommendation and smart cities."

"Apache SINGA has a flexible distributed training framework," said Sheng Wang, Research Scientist at the DAMO Academy of Alibaba and a member of the Apache SINGA Project Management Committee. "SINGA can implement multiple popular distributed training strategies, including synchronous and asynchronous training. It achieved excellent scalability in comparison with other deep learning platforms."

"Apache SINGA has been applied to support many different healthcare applications at MZH Technologies," said Zhongle Xie, CTO of Hangzhou MZH Technologies and a member of the Apache SINGA Project Management Committee. "The performance of disease diagnoses based on X-Ray images could even pass the radiologists. We also built a food recognition app using SINGA to help patients monitor their food intake and log the nutrition automatically."

"We are working with cardiologists in Fuwai Hospital, Beijing, China, to develop a machine learning/deep learning cardiovascular disease prediction model, using cardiovascular risk factors and other indirect factors such as diet and exercise," said MZH Technologies co-founder and Beijing Institute of Technology Professor, Meihui Zhang. "We are also using Apache SINGA for data cleaning and integration."

"Besides scalability, SINGA team is continuously improving the library by adding new features to make it easier to use," said Moaz Reyad, Postdoctoral Researcher at Université Grenoble Alpes, and a member of the Apache SINGA Project Management Committee. "For example, SINGA has a sub-component called SINGA-auto (original name is Rafiki), which provides AutoML features like automatic hyper-parameter tuning."

"We would like to thank all our mentors for guiding the project and all contributors for helping on this project from incubation to graduation," added Wang. "Deep learning and other AI technologies are changing the world from many aspects. We welcome newcomers to join our community to make contributions to this exciting field!"

Availability and Oversight

Apache SINGA software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache SINGA, visit http://singa.apache.org/ and https://twitter.com/ApacheSINGA

About the Apache Incubator

The Apache Incubator is the entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 730 individual Members and 7,000 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Hortonworks, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

Scalable Open Source Big Data database processes queries in milliseconds; used in autonomous drones, federated situation-aware access control systems, and petabyte-scale graphs modeling, among many other applications.

Wakefield, MA —24 September 2019— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Rya® as a Top-Level Project (TLP).

Apache Rya (pronounced "ree-uh") is a Cloud-based Big Data triple store (subject-predicate-object) database used to process queries in milliseconds. The project was originally developed at the Laboratory for Telecommunication Sciences, and was submitted to the Apache Incubator in September 2015.

"We are very excited to reach this important milestone showing the maturity of the project and of the community around it," said Dr. Adina Crainiceanu, Vice President of Apache Rya and Associate Professor of Computer Science at the U.S. Naval Academy. "RDF (Resource Description Framework) triple data format is simple and flexible, making it easy to express diverse datasets such as connections between users on social media, financial data and transactions, medical data, and many others. Rya provides a scalable solution to store and query such data. The publication of the first research article about Rya garnered interest from industry, academia, and several government agencies. Bringing the project to ASF allowed collaboration and increased pace of development."

With its ability to store billions of linked information sets and return answers to most computer-based questions in under a second, Rya's scalable RDF data management system is built on top of Apache Accumulo® to support SPARQL queries for RDF data. A MongoDB back-end is also implemented. Rya uses novel storage methods, indexing schemes, and query processing techniques that scale to billions of triples across multiple nodes.

Rya is in use at organizations such as Enlighten IT Consulting, Modus Operandi, Parsons Corporation, Semantic Arts, Semantic Web Company, Sierra Nevada Corporation, and U.S. Department of Defense agencies. Apache Rya is recognized as one of the most advanced database projects in the United States Department of the Navy, powering a new generation of drones, advanced tactical communications through manned-unmanned teaming, and supporting autonomous swarms of smaller robots, among numerous other applications. In addition, Apache Rya is being used for artificial intelligence projects involving semi-autonomous content production operations.

"I would like to thank our mentors for their guidance and recognize the Apache Rya founders for making their project available for all to use and further extend," said Jennifer Brown, Project Manager for Semantic Technologies at Parsons Corporation, and member of the Apache Rya Project Management Committee. "In 2012 the founders introduced an RDF store backed by Apache Accumulo that was capable of basic inferencing, scaling to billions of triples, and providing millisecond query times. Our Semantic Technologies team at Parsons Corporation has enjoyed the opportunity to collaborate with the Apache Rya community to contribute new indexing strategies, query planner optimizations, additional inference capabilities, alerting extensions, native support for popular graph processing frameworks, and more."

"It's great to see Apache Rya has matured into a Top-Level Project. Rya is a very innovative and Open Source RDF data management system based on Big Data technology," said Dr. Zhiyuan Chen, Associate Professor, Information Systems Department, University of Maryland Baltimore County. "We have used Apache Rya in a variety of research projects ranging from more efficient query processing techniques over geographically distributed RDF data to situation-aware access control in federated systems. We found Rya very easy to use, easy to extend, and extremely efficient."

"Apache Rya has the potential to become one of the most scalable RDF data management systems on the market," said Andreas Blumauer, Founder and CEO, Semantic Web Company GmbH and Director, PoolParty Software Ltd.

"Our technology helps organizations discover the rare and hidden patterns with applied semantics enhancements and AI/ML analytics, to develop Living Intelligence in a data domain," said Kim Ziehlke, Principal Software Engineer at Modus Operandi. "Patterns are used to predict potential opportunities and threats and as a result, our clients can take preventative action, or take leading-edge advantage in complex decisions. Modus Operandi has achieved 2+ BILLION triples, sub-second queries, thousands of unstructured docs processed per second all backed by the Apache Rya triple store."

"Apache Rya is a foundational piece of technology on our projects," said Roshan Punnose, Technical Director at Enlighten IT Consulting and member of the Apache Rya Project Management Committee. "We use Rya to model graphs and entities at petabyte scale. It is the only technology that we have found to scale this type of information with field level visibilities, which allow data protections required on our projects. We have worked with Rya for 7 years and have benefitted from the work the Apache Rya team has done to help increase performance. We would like to thank all the contributors for their diligence and hard work in making Rya a first class citizen of the Apache community."

"Apache Rya is a very exciting project at The Apache Software Foundation that combines the world of 'Semantic Data' with that of 'Big Data'," said Christopher Tubbs, ASF Member and Project Management Committee (PMC) member of Apache Accumulo and Apache Fluo. "Implementing anything at scale can pose a challenge, but making semantic data searchable using familiar standards, such as SPARQL, and optimizing it at scale is really quite an amazing feat. Yet, that's precisely what the Rya community has done. Building on highly scalable platforms such as Apache Accumulo, the Rya community has produced an impressive platform for storing and querying very large semantic data sets. Apache Rya is something that every data scientist should get to know, because it's pretty cool."

"Apache Rya is an amazing project that enables users to execute SPARQL against large RDF data sets," said Keith Turner, Principal Software Engineer at Peterson Technologies, Vice President of Apache Fluo, member of the Apache Accumulo Project Management Committee, and ASF Member. "I had the pleasure to work with the Rya community when they asked for advice on using Apache Fluo for pre-computed joins. During our discussions, I found the folks working on Rya didn't need much assistance because they already had a thorough understanding of the complex issues surrounding distributed consistency. When considering using a piece of software that solves a hard problem for you, it’s comforting to know great minds stand behind it. With great software and wonderful community, what are you waiting for? Give Rya a try. Also, as an extra bonus Rya is an Apache community and all are welcome to participate in shaping the future of Rya."

"We are grateful for the mentorship provided by the Apache Incubator in building a diverse and open community and learning the Apache Way," added Crainiceanu. "We are looking forward to continuing our journey as a Top-Level Project."

Availability and Oversight

Apache Rya software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Rya, visit http://rya.apache.org/ and https://twitter.com/apacherya

About the Apache Incubator

The Apache Incubator is the entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 760 individual Members and 7,300 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

World's largest Open Source foundation’s 300+ freely-available, enterprise-grade Apache projects power some of the most visible and widely used applications in computing today.

Wakefield, MA —13 August 2019— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the availability of the annual report for its 2019 fiscal year, which ended 30 April 2019.

Celebrating its 20th Anniversary, the world's largest Open Source foundation’s "Apache Way" of community-driven development is the process behind hundreds of freely-available (100% no cost), enterprise-grade Apache projects that serve as the backbone for some of the most visible and widely used applications in Artificial Intelligence and Deep Learning, Big Data, build management, Cloud Computing, content management, DevOps, IoT and Edge computing, mobile, servers, and Web frameworks, among many other categories.

The ubiquity of Apache software is undeniable, with Apache projects managing exabytes of data, executing teraflops of operations, and storing billions of objects in virtually every industry. Apache software is an integral part of nearly every end user computing device, from laptops to tablets to phones.
Apache software is used in every Internet-connected country on the planet.

Highlights include:

ASF codebase is conservatively valued at least $20B, using the COCOMO 2 model;

Continued guardianship of 190M+ lines of code in the Apache repositories;

The Apache® Software Foundation Announces Program for ApacheCon™ Europe

Official Global Conference Series heralds "Tomorrow's Technology Today" with keynotes by European Commission Director of Digital Business Solutions Thomas Gageik, Mastercard Executive Vice President for Global Cities Miguel Gamiño, and Political Analyst and Writer Nanjala Nyabola

Wakefield, MA —11 July 2019— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the event program for the European edition of ApacheCon™, the ASF's official global conference series. ApacheCon Europe will take place 22-24 October 2019 at the Kulturbrauerei in Berlin, Germany.

ApacheCon draws attendees from more than 60 countries to experience "Tomorrow's Technology Today" by showcasing key Open Source technologies independent of business interests, corporate biases, or sales pitches.

ApacheCon content is selected entirely by Apache projects and their communities, enabling participants at all levels to learn about the latest innovations in dozens of categories. The ApacheCon Europe program categories include Big Data, Community, IoT, Machine Learning, and Open Source Design, among others. Participants learn about Open Source development "The Apache Way", through hands-on sessions, keynotes, real-world case studies, hackathons, and more in a deliberately intimate, collaborative, vendor-neutral environment.

Attendees will join The Apache Software Foundation in celebrating its 20th Anniversary with special events and activities, including dynamic discourse with select ASF founders, and keynotes by European Commission Director of Digital Business Solutions Thomas Gageik, Mastercard Executive Vice President for Global Cities Miguel Gamiño, and political analyst and writer Nanjala Nyabola.

Registration and Deadlines

Standard Registration: 7 October. Special discounted rates are available for select individual participants and groups. Sign up at https://aceu19.apachecon.com

Travel Assistance: 14 July. Members of all underrepresented communities are encouraged to apply for Travel Assistance. Apply at http://www.apache.org/travel/

Event Sponsors

ApacheCon is the primary gathering of the collective Apache community worldwide; sponsorship of the official conference series of the world’s largest Open Source foundation is one of the most effective ways to gain visibility and competitive advantage. Sponsors who showcase their products, people, and community support benefit by extending their brands to the greater Apache community, engaging with industry influencers, and connecting with potential future collaborators. Many sponsors consider ApacheCon to be an invaluable resource for recruiting top Open Source talent. ApacheCon attendees include individual developers and users, Fortune 500 companies, start-ups, educators, consultants, community managers, Open Source enthusiasts, influencers, and industry analysts.

ApacheCon is the official global conference series of The Apache Software Foundation. Since 1998 ApacheCon has been drawing participants at all levels to explore "Tomorrow's Technology Today" across 300+ Apache projects and their diverse communities. ApacheCon showcases the latest developments in ubiquitous Apache projects and emerging innovations through hands-on sessions, keynotes, real-world case studies, trainings, hackathons, community events, and more. For more information, visit http://apachecon.com/ , https://twitter.com/ApacheCon , and https://s.apache.org/ApacheCon

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server —the world's most popular Web server software. Through the ASF's merit-based process known as "The Apache Way," more than 770 individual Members and 7,000 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting billions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

It is with a mix of sadness and appreciation that the ASF Board accepted the resignations of Board Member Jim Jagielski, Chairman Phil Steitz, and Executive Vice President Ross Gardler last month.

As an ASF co-founder, Jim has held every officer position since the Foundation’s incorporation, with the exception of a one-year break in 2018. He has played a substantial role in the development and success of the organization and is a recognized advocate of Open Source at the developer and corporate levels.

An ASF Member since 2005, Phil was instrumental in the adoption, growth, and ubiquity of Apache Java projects across many industries, most visibly financial services. He served as Vice President Apache Commons for four years, and as ASF Chairman August 2017 - May 2019.

Ross has been championing The Apache Way to governments, corporations, and educational institutions for nearly two decades. Since becoming an ASF Member in 2005, he served as Vice President of Community Development (2009-2012), ASF Director and President (2015-2016), and ASF Executive Vice President October 2016 - May 2019.

We laud their contributions to many of the ASF's achievements over the past two decades [1]. Their motivation, vision, and passion is truly inspiring. Whilst we will greatly miss their day-to-day leadership at the executive level, we are heartened that the Foundation will continue to benefit through their participation as ASF Members.

We look forward to the next chapter of the ASF as we continue to support the Foundation and hundreds of Apache projects and their communities who advance our mission of providing software for the public good at 100% no cost.

We are committed to ensuring the Foundation remains effective and stable. It's a unique opportunity in the ASF's history to build upon the accomplishments of past Boards, apply new methodologies, and work through diverse perspectives with the aim of helping the ASF continue its successful trajectory.

We appreciate your trust and are happy to discuss our progress at our upcoming ApacheCons in Las Vegas and Berlin [2].

The Apache® Software Foundation Announces Program and Early Registration Incentives for ApacheCon™ North America

Official Global Conference Series heralds "Tomorrow's Technology Today" with keynotes by David Brin, James Gosling, and Samaira Mehta, plus 40 content tracks from dozens of Apache projects and their communities

Wakefield, MA —5 June 2019— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the event program and early registration for the North America edition of ApacheCon™, the ASF's official global conference series. ApacheCon North America will take place 9-12 September 2019 at the Flamingo Hotel in Las Vegas, Nevada. Early registration incentives end 27 June 2019.

ApacheCon draws attendees from more than 60 countries to experience "Tomorrow's Technology Today" by showcasing key Open Source technologies independent of business interests, corporate biases, or sales pitches.

ApacheCon content is selected entirely by Apache projects and their communities, enabling participants at all levels to learn about the latest innovations in dozens of categories. ApacheCon North America program categories include Big Data, Community, Content Delivery, Geospatial, Graph Processing, Integration, IoT, Machine Learning, Mobile, Observability, and Streaming, among others. Participants learn about Open Source development "The Apache Way", through hands-on sessions, keynotes, real-world case studies, workshops, hackathons, BarCamps, and more in a deliberately intimate, collaborative, vendor-neutral environment.

Attendees will join The Apache Software Foundation in celebrating its 20th Anniversary with special events and activities, including dynamic discourse with select ASF founders, and keynotes by award-winning author and futurist David Brin, "father of Java" James Gosling, and 10-year-old CoderBunnyz/One Billion Kids Can Code founder Samaira Mehta.

Registration and Deadlines

Early Registration: 27 June. Early bird incentives and additional discounted rates are available for individual participants as well as groups. Sign up at https://apachecon.com/acna19/

Travel Assistance: 21 June. Members of all underrepresented communities are encouraged to apply for Travel Assistance, with special funds earmarked for female Latin Americans. Apply at http://www.apache.org/travel/

Discounted Hotel Rooms: 19 August. Special sleeping room rates at the Flamingo Hotel and Casino are available based on availability, or when the block is sold out, whichever comes first. Book at https://www.apachecon.com/acna19/location.html

Event Sponsors

ApacheCon is the primary gathering of the collective Apache community worldwide; sponsorship of the official conference series of the world’s largest Open Source foundation is one of the most effective ways to gain visibility and competitive advantage. Sponsors who showcase their products, people, and community support benefit by extending their brands to the greater Apache community, engaging with industry influencers, and connecting with potential future collaborators. Many sponsors consider ApacheCon to be an invaluable resource for recruiting top Open Source talent. ApacheCon attendees include individual developers and users, Fortune 500 companies, start-ups, educators, consultants, community managers, Open Source enthusiasts, influencers, and analysts from more than 60 countries.

Media partners include Manning Publications and SD Times. For media sponsorship opportunities and registration by credentialed members of the media and analyst community, contact Sally Khudairi at press@apache.org.

About ApacheCon

ApacheCon is the official global conference series of The Apache Software Foundation. Since 1998 ApacheCon has been drawing participants at all levels to explore "Tomorrow's Technology Today" across 300+ Apache projects and their diverse communities. ApacheCon showcases the latest developments in ubiquitous Apache projects and emerging innovations through hands-on sessions, keynotes, real-world case studies, trainings, hackathons, community events, and more. For more information, visit http://apachecon.com/ , https://twitter.com/ApacheCon , and https://s.apache.org/ApacheCon

About The Apache Software Foundation (ASF)

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server —the world's most popular Web server software. Through the ASF's merit-based process known as "The Apache Way," more than 770 individual Members and 7,000 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting billions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

Wakefield, MA —30 May 2019— The Apache Software Foundation (ASF) today welcomed JetBrains, the latest company to sponsor the ASF at the Targeted Platinum level.

"We are pleased to add JetBrains to our roster of Targeted Sponsors," said Daniel Ruggeri, ASF Vice President Fundraising. "As there are many ways to contribute to Open Source Software and the communities that support it, we are immensely grateful for our Sponsors' support by means of targeted donations in addition to monetary contributions."

"We at JetBrains strongly believe that it is necessary to give back to the Open Source ecosystem as all areas of software development rely on it heavily," said Maria Mikheyshina, Community Support Team Lead at JetBrains. "The Apache Software Foundation is an essential part of the OSS world, and it's been an honor for us to support it for so many years. Providing free JetBrains licenses to Apache committers is our way of saying 'Thank you!' for their hard work and invaluable contributions to the Open Source community."

For more information on becoming a Sponsor of the ASF, please see http://apache.org/foundation/sponsorship.html

About The Apache Software Foundation (ASF)Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects that provide $20B+ worth of Apache Open Source software to the public at 100% no cost. Through the ASF's merit-based process known as "The Apache Way," more than 730 individual Members and 7,000 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting billions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, ODPi, Pineapple Fund, Private Internet Access, RedHat, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF